Abstract

The bisimulation relation has been successfully applied in computer science and control theory. In our previous work, simulation-based controllability and simulation-based observability were proposed, under which the existence of a bisimilarity supervisor is guaranteed. However, a given specification automaton may not satisfy these conditions, and a natural question is how to compute a maximally permissive sub-specification. This paper aims to answer this question and investigates the computation of the supremal simulation-based controllable and strong observable subautomata with respect to given specifications using lattice theory. In order to achieve the supremal solution, three monotone operators, namely the simulation operator, the controllable operator and the strong observable operator, are proposed upon the established complete lattice. Then, inequalities based on these operators are formulated, whose solution is the simulation-based controllable and strong observable set. In particular, a sufficient condition is presented to guarantee the existence of the supremal simulation-based controllable and strong observable subautomata. Furthermore, an algorithm is proposed to compute such subautomata.

I. INTRODUCTION 

The bisimulation relation was introduced in [1] as a behavioral equivalence relationship between two dynamical systems, and since then it has been used widely in the study of discrete event systems (DESs) [2], linear systems, probabilistic systems, and hybrid systems. Bisimulation provides a stronger equivalence than the extensively studied language equivalence [9]. It is known that the languages generated by two bisimilar systems are equivalent, but systems possessing the same language might not be bisimilar. Moreover, two bisimilar systems have equivalent reachability properties, or more generally, preserve properties specified in terms of temporal logic such as CTL* [12]. Therefore, bisimilarity control, which aims to achieve a bisimulation equivalence between the controlled system and the specification, has attracted considerable attention in recent years.

Komenda and Schuppen characterized language controllability and observability in terms of partial bisimulation by using coalgebra for supervisory control of DESs under partial observation [6]. Tabuada investigated the controller synthesis problem of affine systems for bisimulation equivalence and extended it to various systems including discrete-event systems, nonlinear control systems, behavioral systems, and hybrid systems by means of category theory [8]. In Zhou's work [13] and our previous work [14], the problem addressed is to design a supervisor that executes the control action to achieve the bisimulation relation between the supervised system and the specification, where the plant and the specification are generally described as nondeterministic automata. In Zhou's work [13], a small model theorem is established to show that the supervisor exists if and only if it exists over the power set of the Cartesian product of the system and specification state spaces.

In our previous work, a different framework is proposed to characterize the existence of the supervisor. The supervisor exists if and only if the specification is simulation-based controllable under full observation. As for the partial observation case, the specification should be both simulation-based controllable and simulation-based observable to ensure the existence of the supervisor. However, in most situations, a given specification does not satisfy those conditions. Then, a natural question is how to compute a maximally permissive sub-specification. Here, we would like to calculate the supremal simulation-based controllable and strong observable subautomata. Please note that the existing work on the calculation of supremal controllable/normal sublanguages is all based on language controllability/normality [10], [11]. To the best of our knowledge, there is no work considering the computation of the supremal subautomata under simulation-based controllability and simulation-based observability, where the specifications are given as automata instead of languages.

This paper aims to answer this question and investigates the computation of the supremal simulation-based controllable and strong observable subautomata with respect to given specifications using lattice theory. Some preliminary results on the computation of the supremal simulation-based controllable subautomata under full observation were presented in [10]. In this paper, we calculate the supremal simulation-based controllable and strong observable subautomata for the partial observation case. In order to achieve the supremal solution, three monotone operators, namely the simulation operator, the controllable operator and the strong observable operator, are proposed upon the established complete lattice. Then, inequalities based on these three operators are formulated, whose solution is the simulation-based controllable and strong observable set. In particular, a sufficient condition is presented to guarantee the existence of the supremal simulation-based controllable and strong observable subautomata. Furthermore, an algorithm is proposed to compute such subautomata.

This note is organized as follows. Section 2 gives the preliminary. Section 3 reviews the works 
that have been done under full observation. Section 4 studies the computation of the supremal 
simulation-based controllable and strong observable subautomata under partial observation. An 
illustrative example is provided in Section 5. The note concludes with section 6. 

II. Preliminary 

A. Discrete Event System 

A DES is modeled as an automaton $G = (X, \Sigma, x_0, \alpha, X_m)$, where $X$ is the set of states, $\Sigma$ is a finite set of events, $\alpha : X \times \Sigma \to 2^X$ is the transition function, $x_0$ is the initial state, $X_m \subseteq X$ is the set of marked states, $\Gamma : X \to 2^{\Sigma}$ is the active function and $\Gamma(x)$ is the active event set at state $x$. Let $\Sigma^*$ be the set of all finite strings over $\Sigma$, including the empty string $\epsilon$. Then the transition function $\alpha$ can be extended to $\alpha : X \times \Sigma^* \to 2^X$ in the natural way [9]. The language generated by $G$ is defined as $L(G) = \{s \in \Sigma^* \mid \alpha(x_0, s) \text{ is defined}\}$. The event set can be partitioned into $\Sigma = \Sigma_{uc} \cup \Sigma_c$, where $\Sigma_{uc}$ is the set of uncontrollable events and $\Sigma_c$ is the controllable event set. It can also be partitioned into $\Sigma = \Sigma_{uo} \cup \Sigma_o$, where $\Sigma_{uo}$ is the set of unobservable events and $\Sigma_o$ is the set of observable events. Given an event string $s \in \Sigma^*$, $|s|$ is the length of the string and $s(i)$ is the $i$-th event of this string, where $1 \le i \le |s|$. When a string of events occurs, the sequence of observable events is filtered by a projection $P : \Sigma^* \to \Sigma_o^*$, which is defined inductively as follows: $P(\epsilon) = \epsilon$, and for $\sigma \in \Sigma$ and $s \in \Sigma^*$, $P(s\sigma) = P(s)\sigma$ if $\sigma \in \Sigma_o$, otherwise $P(s\sigma) = P(s)$. The accessible operator $Ac$ is used to remove the states which are not accessible from the initial state, and it is defined as below.

Definition 1: Given an automaton $G = (X, \Sigma, x_0, \alpha, X_m)$, the accessible operator on $G$ is defined as:

$$Ac(G) = (X_{ac}, \Sigma, x_0, \alpha_{ac}, X_{acm}),$$

where $X_{ac} = \{x \in X \mid x \in \alpha(x_0, s), \text{ where } s \in \Sigma^*\}$, $X_{acm} = X_m \cap X_{ac}$, $\alpha_{ac} : X_{ac} \times \Sigma \to X_{ac}$ is a transition function, and for any $x \in X_{ac}$ and $e \in \Sigma$, $\alpha_{ac}(x, e) = \{y \in X_{ac} \mid y \in \alpha(x, e)\}$.

Further, the concept of subautomaton is introduced and a subautomaton operator is proposed to 
construct a subautomaton from a given state set. 

Definition 2: Given an automaton $G = (X, \Sigma, x_0, \alpha, X_m)$, the subautomaton of $G$ is defined as $G_1 = (X_1, \Sigma_1, x_0, \alpha_1, X_{m1})$, where $X_1 \subseteq X$, $X_{m1} \subseteq X_m$, and $\alpha_1 = \alpha \mid X_1 \times \Sigma \to X_1$.
The notation $\alpha \mid X_1 \times \Sigma \to X_1$ means that we are restricting $\alpha$ to the smaller domain of the states $X_1$. The subautomaton of $G$ picks its states and marked states from the corresponding sets in $G$.

Definition 3: Given an automaton $R = (Q, \Sigma, q_0, \delta, Q_m)$, the subautomata operator is defined as:

$$Rc(Z) = Ac(Q_{rc}, \Sigma, q_0, \delta_{rc}, Q_{rcm}),$$

where $Z \subseteq Q \times X$, $Q_{rc} = \{q \in Q \mid (q, x) \in Z\}$, $Q_{rcm} = Q_m \cap Q_{rc}$, and $\delta_{rc} = \delta \mid Q_{rc} \times \Sigma \to Q_{rc}$.
By this subautomata operator, we can construct a subautomaton of the original automaton $R$ from a set $Z$, whose elements are the state pairs of $R$ and $G$. In addition, the state set $Q_{rc}$ of this subautomaton is a subset of the corresponding state set $Q$ of $R$ and the transition function of this subautomaton restricts $\delta$ to a smaller domain of the states $Q_{rc}$.

Then, simulation relation is used to describe the equivalence between automata as follows. 

Definition 4: Let $G_1 = (X_1, \Sigma, x_{01}, \alpha_1, X_{m1})$ and $G_2 = (X_2, \Sigma, x_{02}, \alpha_2, X_{m2})$ be two automata. $G_1$ is said to be simulated by $G_2$, denoted by $G_1 \prec_{\phi} G_2$, if there is a binary relation $\phi \subseteq X_1 \times X_2$ such that $(x_{01}, x_{02}) \in \phi$ and for each $(x_1, x_2) \in \phi$,

(1) $x_1' \in \alpha_1(x_1, \sigma)$, where $\sigma \in \Sigma$ $\Rightarrow$ $\exists x_2' \in \alpha_2(x_2, \sigma)$ such that $(x_1', x_2') \in \phi$.

(2) $x_1 \in X_{m1}$, then $x_2 \in X_{m2}$.

If $G_1 \prec_{\phi} G_2$, $G_2 \prec_{\phi} G_1$, and $\phi$ is symmetric, $\phi$ is a bisimulation relation between $G_1$ and $G_2$, denoted by $G_1 \cong_{\phi} G_2$. We sometimes omit the subscript $\phi$ from $\prec_{\phi}$ or $\cong_{\phi}$ when it is clear from the context. Moreover, the main result of [14] is as below.

Theorem 1: Given a plant $G = (X, \Sigma, \alpha, x_0, X_m)$, a specification $R = (Q, \Sigma, \delta, q_0, Q_m)$ and a projection $P$, assume that $L(R)$ is language controllable and language observable. Then, there exists a simulation relation $\Phi \subseteq Q \times X$ and a $P$-supervisor $S_P$ such that $S_P/G \cong R$ and $S_P/G$ is $\Sigma_{uc}$-consistent if and only if $R$ is simulation-based controllable and simulation-based observable.

The simulation-based controllability and simulation-based observability are defined as below. 

Definition 5: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$, $R$ is simulation-based controllable with respect to $G$ and $\Sigma_{uc}$ if it satisfies:

(1) (Simulation Condition) There is a simulation relation $\phi$ such that $R \prec_{\phi} G$.

(2) (Controllable Condition) $(\forall s \in L(R))(\forall q \in \delta(q_0, s))(\forall \sigma \in \Sigma_{uc})[s\sigma \in L(G) \Rightarrow \delta(q, \sigma) \neq \emptyset]$.

The set $Q_1 \times X_1 \subseteq Q \times X$ is said to be a simulation-based controllable set if $Q_1 \times X_1$ is a simulation relation from $R$ to $G$ and $Rc(Q_1 \times X_1)$ satisfies the controllable condition.

Definition 6: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$. $R$ is said to be simulation-based observable with respect to $G$, $\Sigma_c$ and $P$, if it satisfies:

(1) (Simulation Condition) There is a simulation relation $\phi$ such that $R \prec_{\phi} G$.

(2) (Observable Condition) $\forall s, s' \in L(R)$ with $P(s) = P(s')$ $(\forall q \in \delta(q_0, s))(\forall \sigma \in \Sigma_c)[s'\sigma \in L(R) \text{ and } s\sigma \in L(G) \Rightarrow \delta(q, \sigma) \neq \emptyset]$.

Simulation-based controllability and simulation-based observability imply language controllability and language observability, but the reverse does not hold.

B. Lattice Theory 

Definition 7: Consider a set $X$ and a relation $R \subseteq X \times X$ over $X$. $R$ is reflexive if for each $x \in X$, $(x, x) \in R$; it is antisymmetric if $(x, y) \in R$ and $(y, x) \in R$ implies $x = y$; it is transitive if $(x, y) \in R$ and $(y, z) \in R$ implies that $(x, z) \in R$. The partial order relation, denoted by $\le$, over $X$ is a reflexive, antisymmetric and transitive relation. The pair $(X, \le)$ is a poset.

Definition 8: Consider a set $X$ and $Y \subseteq X$. $x \in X$ is said to be the supremal of $Y$, denoted by $\sup Y$ or $\sqcup Y$, if it satisfies: (1) $\forall y \in Y : y \le x$, (2) $[\forall y \in Y : y \le z] \Rightarrow [x \le z]$. $x$ is said to be the infimal of $Y$, denoted by $\inf Y$ and $\sqcap Y$, if it satisfies: (1) $\forall y \in Y : x \le y$, (2) $\forall z \in X : [\forall y \in Y : z \le y] \Rightarrow [z \le x]$. The poset $(X, \le)$ is called a lattice if $\sup Y, \inf Y \in X$ for any finite $Y$. If $\sup Y, \inf Y \in X$ for arbitrary $Y \subseteq X$, then $(X, \le)$ is called a complete lattice.

A poset may be a lattice, but it may have a set $Y$ of infinite size for which $\inf Y$ or $\sup Y$ may not exist. However, $\inf Y$ and $\sup Y$ exist for any $Y \subseteq X$ on a complete lattice. Moreover, monotone functions and disjunctive functions are defined over a complete lattice $(X, \le)$.

Definition 9: A function $f : X \to X$ is said to be monotone if for any $x, y \in X$: $[x \le y] \Rightarrow [f(x) \le f(y)]$. $f$ is said to be disjunctive if for any $Y \subseteq X$: $f(\sqcup_{y \in Y}\, y) = \sqcup_{y \in Y} f(y)$.

Furthermore, the following lemmas are introduced to obtain the supremal solution of the system of inequalities [11].

Lemma 1: Consider the system of inequalities $\{f_i(x) \le g_i(x)\}_{i \le n}$ over a complete lattice $(X, \le)$. Let $Y = \{y \in X \mid \forall i \le n : f_i(y) \le g_i(y)\}$ be the set of all solutions of the system of inequalities and $Y_1 = \{y \in X \mid h_1(y) = y\}$ be the set of all fixed points of $h_1$, where $h_1(y) = \sqcap_{i \le n} f_i^{\perp}(g_i(y))$ and $f_i^{\perp}(g_i(y))$ is the supremal solution of $f_i(x) \le g_i(x)$. If $f_i$ is disjunctive and $g_i$ is monotone, then $\sup Y \in Y$, $\sup Y_1 \in Y_1$, and $\sup Y = \sup Y_1$.

Lemma 2: Consider the inequalities $\{f_i(x) \le g_i(x)\}_{i \le n}$ and $Y = \{y \in X \mid \forall i \le n : f_i(y) \le g_i(y)\}$. If $f_i$ is disjunctive and $g_i$ is monotone, $\sup Y$ can be obtained by iterative computation: $y_0 = \sup X$, $\forall k \ge 0$, $y_{k+1} = h_1(y_k)$ until $y_{m+1} = y_m = \sup Y$.

In this note, we focus on the computation of the supremal simulation-based controllable and 
strong observable subautomaton for the specification, which is not simulation-based controllable 
and observable. 

III. Full Observation 

In this section, we establish a complete lattice over which the constructed simulation operator, controllable operator and their properties are reviewed [10].

Definition 10: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$, the poset is defined as $(2^{Q \times X}, \subseteq)$.

It can be seen that this power set lattice $(2^{Q \times X}, \subseteq)$ is built upon the state pairs from $R$ and $G$ and it is a complete lattice [11]. Thus, the supremal and infimal defined with respect to a complete lattice are unique.

Remark 1: An alternative poset can be a prelattice $(\mathcal{S}, \prec)$, where $\mathcal{S} := \{S' \mid (S' \prec R) \wedge (S' \text{ is simulation-based controllable and strong observable})\}$ is a set of automata and $\prec$ is a simulation relation. However, the supremal solution with respect to the prelattice $(\mathcal{S}, \prec)$ is not unique because this simulation relation over $\mathcal{S}$ is a preorder, which is transitive, reflexive but not antisymmetric.

Next, we introduce several operators defined over $(2^{Q \times X}, \subseteq)$.

Definition 11: The simulation operator $F_s : 2^{Q \times X} \to 2^{Q \times X}$ is defined by $(q, x) \in F_s(Z)$, for $Z \subseteq Q \times X$, if the following conditions are satisfied:

1. $(q, x) \in Z$.

2. $q' \in \delta(q, \sigma) \Rightarrow [\exists x' \in \alpha(x, \sigma)]\,[(q', x') \in Z]$.

3. $q \in Q_m \Rightarrow x \in X_m$.

The simulation operator evolves from a similar operator in [15] and it has the following properties. Their proofs can be found in [10].

Proposition 1: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$, $\phi$ is a simulation relation from $R$ to $G$ if and only if $\phi \subseteq F_s(\phi)$ and $(q_0, x_0) \in \phi$.

Proposition 2: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$, a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$ and the sets $Z, Z' \subseteq Q \times X$, $F_s(Z) \subseteq F_s(Z')$ if $Z \subseteq Z'$.

Theorem 2: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$, the supremal simulation relation is the maximal fixed-point $Z$ of the operator $F_s$ if $(q_0, x_0) \in Z$, where $Z \subseteq Q \times X$. Moreover,

$$F_s(Z) = \lim_{i \to \infty} F_s^{i}(Q \times X),$$

where $F_s^{0}(Q \times X) = Q \times X$ is an identity function, and for each $i \ge 0$, $F_s^{i+1}(Q \times X) = F_s(F_s^{i}(Q \times X))$.
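The iteration in Theorem 2 (and the scheme $y_0 = \sup X$, $y_{k+1} = h_1(y_k)$ of Lemma 2) can be run directly on small automata. The following Python sketch is an added example, not code from the paper: the dictionary encoding of automata and the three sample automata are constructed for illustration. It applies $F_s$ of Definition 11 starting from $Q \times X$ until a fixed point is reached, and shows a specification that has the same language as the plant but is not simulated by it.

```python
from itertools import product

def post(trans, state, event):
    """Successor set alpha(state, event); empty when the event is not active."""
    return trans.get((state, event), set())

def F_s(Z, R, G):
    """Simulation operator of Definition 11 applied to a set Z of (q, x) pairs."""
    kept = set()
    for (q, x) in Z:
        # Condition 3: a marked specification state needs a marked plant state.
        if q in R["marked"] and x not in G["marked"]:
            continue
        # Condition 2: every move q -e-> q2 of R must be matched by some
        # move x -e-> x2 of G with (q2, x2) still in Z.
        moves = [(e, q2) for (s, e), succ in R["trans"].items() if s == q
                 for q2 in succ]
        if all(any((q2, x2) in Z for x2 in post(G["trans"], x, e))
               for e, q2 in moves):
            kept.add((q, x))
    return kept

def supremal_simulation(R, G):
    """Greatest fixed point of F_s, iterated from the top element Q x X."""
    Z = set(product(R["states"], G["states"]))
    while True:
        nxt = F_s(Z, R, G)
        if nxt == Z:
            return Z
        Z = nxt

def is_simulated(R, G):
    """R is simulated by G iff the initial pair survives in the fixed point."""
    return (R["init"], G["init"]) in supremal_simulation(R, G)

# Constructed sample plant: after 'a' it nondeterministically commits to
# a state that allows only 'b' (x1) or only 'c' (x2).
PLANT = {
    "states": {"x0", "x1", "x2"}, "init": "x0", "marked": {"x0"},
    "trans": {("x0", "a"): {"x1", "x2"},
              ("x1", "b"): {"x0"},
              ("x2", "c"): {"x0"}},
}
# Constructed specification that only ever asks for 'b' after 'a'.
SPEC_OK = {
    "states": {"q0", "q1"}, "init": "q0", "marked": {"q0"},
    "trans": {("q0", "a"): {"q1"}, ("q1", "b"): {"q0"}},
}
# Constructed specification with the same language as PLANT, but state q1
# offers both 'b' and 'c', which no single plant state can match.
SPEC_BAD = {
    "states": {"q0", "q1"}, "init": "q0", "marked": {"q0"},
    "trans": {("q0", "a"): {"q1"},
              ("q1", "b"): {"q0"}, ("q1", "c"): {"q0"}},
}

if __name__ == "__main__":
    print(sorted(supremal_simulation(SPEC_OK, PLANT)))
    print(sorted(supremal_simulation(SPEC_BAD, PLANT)))
```

For `SPEC_BAD` the iteration first discards every pair containing `q1`, then the initial pair, and stops at the empty set, so no simulation relation from that specification to the plant exists.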

Before presenting the controllable operator, we introduce the following concepts. 

Definition 12: Given an automaton $G_1 = (X_1, \Sigma_1, x_0, \alpha_1, X_{m1}, \Gamma_1)$ and a state $x \in X_1$, the string set of $x$, denoted by $S_x$, is defined as $S_x = \{s \in \Sigma^* \mid x \in \alpha_1(x_0, s)\}$. The nondeterministic state set of $x$, denoted by $X_x$, is defined as $X_x = \{x' \in X_1 \mid x' \in \alpha_1(x_0, s),\ s \in S_x\}$. Further, we define the nondeterministic active event set of the state $x$, denoted by $\Gamma_n(x)$, as $\Gamma_n(x) = \cup_{x_1 \in X_x} \Gamma_1(x_1)$.

We can obtain all the strings that can reach $x$ from $x_0$ through $S_x$ and all the states that are reachable from $x_0$ with the strings in $S_x$ by $X_x$. Besides, $\Gamma_n(x)$ is a union of the active event sets of the states in $X_x$. Next, we propose the following notion to guarantee the existence of the supremal simulation-based controllable subautomata.

Definition 13: Given a plant $G$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$, $R$ is said to be calculable for the supremal simulation-based controllable subautomaton with respect to $G$ if it satisfies:

$$(\forall q \in Q_M)(\forall s \in S_q)(\forall \sigma \in \Sigma_{uc})[s\sigma \in L(G) \Rightarrow \delta(q, \sigma) \neq \emptyset]$$

where $Q_M = \{q \in Q \mid |S_q| \ge 2\}$.

Before presenting the controllable operator, the simulation-based controllable product is established.

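Definition 14: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$, the simulation-based controllable product of $R$ and $G$ is an automaton:

$$R \times_{sc} G = Ac(Q \times X \cup \{(q_v, x_v)\}, \Sigma, q_0 \times x_0, \gamma_{sc}, Q_m \times X_m)$$

where

$$\gamma_{sc}((q, x), \sigma) = \begin{cases} (q_v, x_v) & \sigma \in \Sigma_{uc} \cap (\Gamma_n(x) - \Gamma(q)); \\ (\delta(q, \sigma), \alpha(x, \sigma)) & \sigma \in \Gamma(x) \cap \Gamma(q); \\ \text{undefined} & \text{otherwise.} \end{cases}$$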

According to the definition of the simulation-based controllable product, a transition that leads to the new states through event $\sigma$ is allowed if the active event sets of this state pair $(q, x)$ share the event $\sigma$. Besides, there will be a transition to $(q_v, x_v)$ if the state $q$, which is reachable from the initial state $q_0$ of $R$ along $s$, does not include the uncontrollable event $\sigma$, where $\sigma$ is defined at a certain state of $G$ reachable from its initial state $x_0$ through $s$. Moreover, the state pairs that are not reachable from $(q_0, x_0)$ are removed by the accessible operator. Next, the controllable operator is built upon the complete lattice $(2^{Q \times X}, \subseteq)$.

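Definition 15: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$, a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$ and an automaton $Rc(Z) \times_{sc} G = (X_{scz}, \Sigma, q_0 \times x_0, \gamma_{scz}, X_{sczm})$ for $Z \subseteq Q \times X$, the controllable operator $F_c : 2^{Q \times X} \to 2^{Q \times X}$ is defined by $(q, x) \in F_c(Z)$ if it satisfies:

$$(q, x) \notin Q_d(Z) \times X, \quad Q_d(Z) = \cup_{\sigma \in \Sigma_{uc}} Q_{d\sigma}(Z),$$

where for any $\sigma \in \Sigma_{uc}$, $Q_{d\sigma}(Z) = \{q_{d\sigma} \in Q \mid (\exists x \in X) \text{ s.t. } (q_v, x_v) \in \gamma_{scz}((q_{d\sigma}, x), \sigma)\}$.
Moreover, this controllable operator satisfies the following properties.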

Proposition 3: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$, a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$ and a set $Z \subseteq Q \times X$, $Rc(Z)$ satisfies the controllable condition if $Z \subseteq F_c(Z)$ and there is $x \in X$ such that $(q_0, x) \in Z$.

Proof: Assume that $Rc(Z)$ violates the controllable condition when $Z \subseteq F_c(Z)$ and there is $x \in X$ such that $(q_0, x) \in Z$, where $Z \subseteq Q \times X$. Then there exist $s \in L(R)$ and $\sigma \in \Sigma_{uc}$ such that $s\sigma \in L(G)$ and $q \in \delta(q_0, s)$ with $\delta(q, \sigma) = \emptyset$. As $s\sigma \in L(G)$, there is $x' \in \alpha(x_0, s)$ with $\alpha(x', \sigma) \neq \emptyset$. Moreover, $(q, x')$ belongs to the state set of $Rc(Z) \times_{sc} G$ because it is reachable from $(q_0, x_0)$ by the string $s$. Furthermore, we have $\sigma \in \Sigma_{uc} \cap (\Gamma_n(x') - \Gamma(q))$ as $\delta(q, \sigma) = \emptyset$ and $\alpha(x', \sigma) \neq \emptyset$. Thus, $(q_v, x_v) \in \gamma_{sc}((q, x'), \sigma)$ in $Rc(Z) \times_{sc} G$ by the definition of the simulation-based controllable product. We obtain $q \in Q_d(Z)$, therefore, $(q, x') \in Q_d(Z) \times X$. On the other hand, we have $(q, x') \in F_c(Z)$ as $Z \subseteq F_c(Z)$. Then, we obtain $(q, x') \notin Q_d(Z) \times X$ by the definition of the controllable operator. Thus, there is a contradiction. Therefore, $Rc(Z)$ satisfies the controllable condition. ■

Proposition 4: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$, a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$ and a set $Z \subseteq Q \times X$, $F_c(Z) \subseteq F_c(Z')$ if $Z \subseteq Z'$ and $R$ is calculable for the supremal simulation-based controllable subautomaton with respect to $G$.

Proof: For any $(q, x) \in F_c(Z)$, we have $(q, x) \in Z$ and $(q, x) \notin Q_d(Z) \times X$. Then, $(q, x) \in Z'$ since $Z \subseteq Z'$. Further, $(q, x) \notin Q_d(Z') \times X$ because of the definition of $Rc(Z') \times_{sc} G$ and the calculability of $R$ for the supremal simulation-based controllable subautomaton with respect to $G$. Thus, $(q, x) \in F_c(Z')$. Therefore, we have $F_c(Z) \subseteq F_c(Z')$. ■

IV. Partial Observation 

In this section, we establish a monotone strong observable operator over the complete lattice $(2^{Q \times X}, \subseteq)$. Combining it with the simulation operator and the controllable operator, the inequalities whose solution is the simulation-based controllable and strong observable set are set up. Then, an algorithm is proposed for the computation of simulation-based controllable and strong observable subautomata.

A. Strong Observable Operator 

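Definition 16: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$, the simulation-based observable product of $R$ and $G$ is defined as:

$$R \times_{so} G = Ac(Q \times X, \Sigma_{\epsilon}, q_0 \times x_0, \gamma_{so}, Q_m \times X_m)$$

where $\Sigma_{\epsilon} = \Sigma \cup \{\epsilon\}$ and for any $(q, x) \in Q \times X$, $(\sigma_1, \sigma_2) \in \Sigma_{\epsilon} \times \Sigma_{\epsilon}$, the transition is

$$\gamma_{so}((q, x), (\sigma_1, \sigma_2)) = \begin{cases} (q, \alpha(x, \sigma_2)) & P(\sigma_2) = \epsilon = \sigma_1; \\ (\delta(q, \sigma_1), x) & P(\sigma_1) = \epsilon = \sigma_2; \\ (q, x) & \sigma_1 = \sigma_2 = \epsilon; \\ (\delta(q, \sigma_1), \alpha(x, \sigma_2)) & (P(\sigma_1) = P(\sigma_2)) \wedge (\sigma_1 \neq \epsilon) \wedge (\sigma_2 \neq \epsilon); \\ \text{undefined} & \text{otherwise.} \end{cases}$$

In particular, the transition can be extended from domain $Q \times X \times \Sigma_{\epsilon} \times \Sigma_{\epsilon}$ to domain $Q \times X \times \Sigma^* \times \Sigma^*$ in the following recursive manner: $\gamma_{so}((q, x), (s_1\sigma_1, s_2\sigma_2)) = \gamma_{so}(\gamma_{so}(\gamma_{so}((q, x), (s_1, s_2)), (\epsilon, \sigma_2)), (\sigma_1, \epsilon)) \cup \gamma_{so}(\gamma_{so}(\gamma_{so}((q, x), (s_1, s_2)), (\sigma_1, \epsilon)), (\epsilon, \sigma_2)) \cup \gamma_{so}(\gamma_{so}((q, x), (s_1, s_2)), (\sigma_1, \sigma_2))$ if $\sigma_1, \sigma_2 \in \Sigma_{uo}$, otherwise, $\gamma_{so}((q, x), (s_1\sigma_1, s_2\sigma_2)) = \gamma_{so}(\gamma_{so}((q, x), (s_1, s_2)), (\sigma_1, \sigma_2))$.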

The simulation-based observable product $R \times_{so} G$ satisfies the following proposition.

Proposition 5: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$, a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$ and their simulation-based observable product $R \times_{so} G = (X_{so}, \Sigma_{\epsilon}, q_0 \times x_0, \gamma_{so}, X_{som})$, $(q, x) \in \gamma_{so}((q_0, x_0), (s, s'))$ iff there exists $s, s'$ with $P(s) = P(s')$ such that $q \in \delta(q_0, s)$ and $x \in \alpha(x_0, s')$.

Proof: The induction method is adopted to prove this proposition.

(Necessity)

1. $|s| = 0$, then $s = \epsilon$.
(1) $|s'| = 0$, that is, $s' = \epsilon$. Let $(q, x) \in \gamma_{so}((q_0, x_0), (\epsilon, \epsilon))$. Obviously, we have $q \in \delta(q_0, \epsilon)$, $x \in \alpha(x_0, \epsilon)$ and $P(\epsilon) = P(\epsilon)$.
(2) Let $|s'| = 1$ with $s' = \sigma_1$. For any $(q', x') \in \gamma_{so}((q_0, x_0), (\epsilon, \sigma_1))$, we have $P(\sigma_1) = \epsilon$, $q' \in \delta(q_0, \epsilon)$ and $x' \in \alpha(x_0, \sigma_1)$.
(3) Assume that $|s'| = n_2$, the necessity of this proposition holds.
(4) $|s'| = n_2 + 1$. For any $(q_1, x_1) \in \gamma_{so}((q_0, x_0), (\epsilon, s''\sigma_2))$, where $s' = s''\sigma_2$, there exists $(q_2, x_2) \in \gamma_{so}((q_0, x_0), (\epsilon, s''))$ with $q_2 \in \delta(q_0, \epsilon)$, $x_2 \in \alpha(x_0, s'')$ and $P(s'') = \epsilon$ s.t. $(q_1, x_1) \in \gamma_{so}((q_2, x_2), (\epsilon, \sigma_2))$ since the necessity of this proposition holds when $|\epsilon| = 0$ and $|s''| = n_2$. Then, $P(s''\sigma_2) = \epsilon$, $q_1 \in \delta(q_0, \epsilon)$ and $x_1 \in \alpha(x_0, s')$.

2. Let $|s| = 1$ with $s = \sigma_3$.
(1) $|s'| = 0$, then $s' = \epsilon$. Obviously, the necessity holds.
(2) Let $|s'| = 1$ with $s' = \sigma_4$. Any $(q_3, x_3) \in \gamma_{so}((q_0, x_0), (\sigma_3, \sigma_4))$ satisfies the following cases. Case 1: there exists $(q_4, x_4) \in \gamma_{so}((q_0, x_0), (\epsilon, \sigma_4))$ with $q_4 \in \delta(q_0, \epsilon)$, $x_4 \in \alpha(x_0, \sigma_4)$ and $P(\sigma_4) = \epsilon$ s.t. $(q_3, x_3) \in \gamma_{so}((q_4, x_4), (\sigma_3, \epsilon))$, then $P(\sigma_4) = \epsilon = P(\sigma_3)$, $q_3 \in \delta(q_0, \sigma_3)$ and $x_3 \in \alpha(x_0, \sigma_4)$. Or case 2: there exists $(q_5, x_5) \in \gamma_{so}((q_0, x_0), (\sigma_3, \epsilon))$ with $q_5 \in \delta(q_0, \sigma_3)$, $x_5 \in \alpha(x_0, \epsilon)$ and $P(\sigma_3) = \epsilon$ s.t. $(q_3, x_3) \in \gamma_{so}((q_5, x_5), (\epsilon, \sigma_4))$, then $P(\sigma_3) = \epsilon = P(\sigma_4)$, $q_3 \in \delta(q_0, \sigma_3)$ and $x_3 \in \alpha(x_0, \sigma_4)$. Or case 3: there exists $(q_3, x_3) \in \gamma_{so}((q_0, x_0), (\sigma_3, \sigma_4))$, then $P(\sigma_4) = P(\sigma_3)$, $\sigma_3 \neq \epsilon$, $\sigma_4 \neq \epsilon$, $q_3 \in \delta(q_0, \sigma_3)$ and $x_3 \in \alpha(x_0, \sigma_4)$.
(3) Assume that $|s'| = n_2$, the necessity of this proposition holds when $|s| = 1$.
(4) $|s'| = n_2 + 1$. For any $(q_6, x_6) \in \gamma_{so}((q_0, x_0), (\sigma_3, s'))$, where $s' = s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1)s'(|s'|)$, we have the following cases. Case 1: there exists $(q_7, x_7) \in \gamma_{so}((q_0, x_0), (\sigma_3, s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1)))$ with $q_7 \in \delta(q_0, \sigma_3)$, $x_7 \in \alpha(x_0, s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1))$ and $P(s'(1) \cdots s'(|s'|-1)) = P(\sigma_3)$ s.t. $(q_6, x_6) \in \gamma_{so}((q_7, x_7), (\epsilon, s'(|s'|)))$ since $|\sigma_3| = 1$ and $|s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1)| = n_2$. Then, $P(\sigma_3) = P(s')$, $q_6 \in \delta(q_0, \sigma_3)$ and $x_6 \in \alpha(x_0, s')$. Or case 2: there exists $(q_8, x_8) \in \gamma_{so}((q_0, x_0), (\epsilon, s'))$ with $q_8 \in \delta(q_0, \epsilon)$, $x_8 \in \alpha(x_0, s')$ and $P(s') = \epsilon$ s.t. $(q_6, x_6) \in \gamma_{so}((q_8, x_8), (\sigma_3, \epsilon))$ since it is similar to 1.(4) when $|\epsilon| = 0$ and $|s'| = n_2 + 1$. Then, $P(\sigma_3) = \epsilon = P(s')$, $q_6 \in \delta(q_0, \sigma_3)$ and $x_6 \in \alpha(x_0, s')$. Or case 3: there exists $(q_9, x_9) \in \gamma_{so}((q_0, x_0), (\epsilon, s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1)))$ with $q_9 \in \delta(q_0, \epsilon)$, $x_9 \in \alpha(x_0, s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1))$ and $P(s'(1) \cdots s'(|s'|-1)) = \epsilon$ s.t. $(q_6, x_6) \in \gamma_{so}((q_9, x_9), (\sigma_3, s'(|s'|)))$ since it satisfies the case 1.(3) when $|\epsilon| = 0$ and $|s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1)| = n_2$. Then, $P(\sigma_3) = P(s')$, $q_6 \in \delta(q_0, \sigma_3)$ and $x_6 \in \alpha(x_0, s')$.

3. Assume that $|s| = n_1$, $|s'| = n_2$, the necessity of this proposition holds.
(4) Let $|s| = n_1 + 1$ and $|s'| = n_2$. For any $(q_{10}, x_{10}) \in \gamma_{so}((q_0, x_0), (s, s'))$, it satisfies the following cases. Case 1: there exists $(q_{11}, x_{11}) \in \gamma_{so}((q_0, x_0), (s(1) \cdots s(i)s(i+1) \cdots s(|s|-1), s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1)))$ with $q_{11} \in \delta(q_0, s(1) \cdots s(i)s(i+1) \cdots s(|s|-1))$, $x_{11} \in \alpha(x_0, s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1))$ and $P(s'(1) \cdots s'(|s'|-1)) = P(s(1) \cdots s(|s|-1))$ s.t. $(q_{10}, x_{10}) \in \gamma_{so}((q_{11}, x_{11}), (s(|s|), s'(|s'|)))$ since the necessity of this proposition holds when $|s(1) \cdots s(i)s(i+1) \cdots s(|s|-1)| = n_1$ and $|s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1)| = n_2 - 1$. Then, $P(s) = P(s')$, $q_{10} \in \delta(q_0, s)$ and $x_{10} \in \alpha(x_0, s')$. Or case 2: there exists $(q_{12}, x_{12}) \in \gamma_{so}((q_0, x_0), (s(1) \cdots s(i)s(i+1) \cdots s(|s|-1), s'))$ with $q_{12} \in \delta(q_0, s(1) \cdots s(i)s(i+1) \cdots s(|s|-1))$, $x_{12} \in \alpha(x_0, s')$ and $P(s') = P(s(1) \cdots s(|s|-1))$ s.t. $(q_{10}, x_{10}) \in \gamma_{so}((q_{12}, x_{12}), (s(|s|), \epsilon))$ since it satisfies 3 when $|s(1) \cdots s(i)s(i+1) \cdots s(|s|-1)| = n_1$ and $|s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1)| = n_2$. Then, $P(s) = P(s')$, $q_{10} \in \delta(q_0, s)$ and $x_{10} \in \alpha(x_0, s')$. Or case 3: there exists $(q_{13}, x_{13}) \in \gamma_{so}((q_0, x_0), (s, s'(1) \cdots s'(i)s'(i+1) \cdots s'(|s'|-1)))$ s.t. $(q_{10}, x_{10}) \in \gamma_{so}((q_{13}, x_{13}), (\epsilon, s'(|s'|)))$. Similarly, we obtain $P(s) = P(s')$, $q_{10} \in \delta(q_0, s)$ and $x_{10} \in \alpha(x_0, s')$.

(Sufficiency)

1. $|s| = 0$, then $s = \epsilon$. Let $q \in \delta(q_0, \epsilon)$.
(1) $|s'| = 0$ and $s' = \epsilon$. For any $x \in \alpha(x_0, \epsilon)$, it is obvious that $(q, x) \in \gamma_{so}((q_0, x_0), (\epsilon, \epsilon))$.
(2) $|s'| = 1$. Let $s' = \sigma_1$ with $P(\sigma_1) = \epsilon$. For any $x' \in \alpha(x_0, \sigma_1)$, we have $(q, x') \in \gamma_{so}((q_0, x_0), (\epsilon, \sigma_1))$.
(3) Assume that the sufficiency of this proposition holds when $|s| = 0$ and $|s'| = n_2$.
(4) $|s'| = n_2 + 1$. For any $x'' \in \alpha(x_0, s')$ with $\epsilon = P(\epsilon) = P(s') = P(s'(1) \cdots s'(i) \cdots s'(|s'|-1)\sigma_2) = P(s'(1) \cdots s'(i) \cdots s'(|s'|-1))\sigma_2$, we obtain $P(\sigma_2) = \epsilon$. Because the sufficiency of this proposition holds when $|s| = 0$ and $|s'(1) \cdots s'(i) \cdots s'(|s'|-1)| = n_2$ from the above assumption, there exists $x_1 \in \alpha(x_0, s'(1) \cdots s'(i) \cdots s'(|s'|-1))$ with $x'' \in \alpha(x_1, \sigma_2)$ s.t. $(q, x_1) \in \gamma_{so}((q_0, x_0), (\epsilon, s'(1) \cdots s'(i) \cdots s'(|s'|-1)))$, then $(q, x'') \in \gamma_{so}((q_0, x_0), (\epsilon, s'(1) \cdots s'(i) \cdots s'(|s'|-1)\sigma_2))$.

2. $|s| = 1$. Let $s = \sigma_3$ and $q_1 \in \delta(q_0, \sigma_3)$.
(1) $|s'| = 0$ and $s' = \epsilon$. For any $x''' \in \alpha(x_0, \epsilon)$ with $P(\sigma_3) = \epsilon = P(\epsilon)$, we have $(q_1, x''') \in \gamma_{so}((q_0, x_0), (\sigma_3, \epsilon))$.
(2) $|s'| = 1$. Let $s' = \sigma_4$ with $P(\sigma_3) = P(\sigma_4)$, $\sigma_3 \neq \epsilon$ and $\sigma_4 \neq \epsilon$. Then, for any $x_1 \in \alpha(x_0, \sigma_4)$, we have $(q_1, x_1) \in \gamma_{so}((q_0, x_0), (\sigma_3, \sigma_4))$.
(3) Assume that the sufficiency of this proposition holds when $|s| = 1$ and $|s'| = n_2$.
(4) $|s'| = n_2 + 1$. Let $x_2 \in \alpha(x_0, s') = \alpha(x_0, s'(1) \cdots s'(i) \cdots s'(|s'|-1)\sigma_4)$ with $P(\sigma_3) = P(s') = P(s'(1) \cdots s'(i) \cdots s'(|s'|-1)\sigma_4)$. If $P(\sigma_3) = \epsilon$, then $P(s'(1) \cdots s'(i) \cdots s'(|s'|-1)) = P(\sigma_4) = \epsilon = P(\sigma_3)$. There exists $x_3 \in \alpha(x_0, s'(1) \cdots s'(i) \cdots s'(|s'|-1))$ with $x_2 \in \alpha(x_3, \sigma_4)$ s.t. $(q_1, x_3) \in \gamma_{so}((q_0, x_0), (\sigma_3, s'(1) \cdots s'(i) \cdots s'(|s'|-1)))$ as the sufficiency of this proposition holds when $|\sigma_3| = 1$ and $|s'(1) \cdots s'(i) \cdots s'(|s'|-1)| = n_2$. Moreover, $(q_1, x_2) \in \gamma_{so}((q_1, x_3), (\epsilon, \sigma_4))$. Then, $(q_1, x_2) \in \gamma_{so}((q_0, x_0), (\sigma_3, s'))$. If $P(\sigma_3) = \sigma_3 \neq \epsilon$, we have $P(\sigma_3) = P(s'(1) \cdots s'(i) \cdots s'(|s'|-1)\sigma_4)$. Then, there are two cases. Case 1: If $P(\sigma_4) = P(\sigma_3) = \sigma_3$, we obtain $P(s'(1) \cdots s'(i) \cdots s'(|s'|-1)) = \epsilon$. Obviously, the sufficiency of the proposition holds. Case 2: If $P(\sigma_4) = \epsilon$, there exists $i \in N^+$ with $1 \le i \le |s'| - 1$ s.t. $P(s'(i)) = \sigma_3$ and $P(s'(1)s'(2) \cdots s'(i-1)) = \epsilon$. Further, $P(s'(i+1) \cdots s'(|s'|-1)\sigma_4) = \epsilon$ if $1 \le i < |s'| - 1$; $P(\sigma_4) = \epsilon$ if $i = |s'| - 1$. Thus, there is $x_4 \in \alpha(x_0, s'(1) \cdots s'(i-1))$ with $x_5 \in \alpha(x_4, \sigma_3)$ s.t. $(q_0, x_4) \in \gamma_{so}((q_0, x_0), (\epsilon, s'(1) \cdots s'(i-1)))$ as $1 < |s'(1) \cdots s'(i-1)| < n_2$. Then, $(q_1, x_5) \in \gamma_{so}((q_0, x_4), (\sigma_3, s'(i)))$ because of $P(s'(i)) = \sigma_3$. Therefore, we have $(q_1, x_2) \in \gamma_{so}((q_0, x_0), (\sigma_3, s'))$ by the definition of the simulation-based observable product.

3. Assume that $|s| = n_1$, $|s'| = n_2$, the sufficiency of this proposition holds.
(4) $|s| = n_1 + 1$ and $|s'| = n_2$. Let $q_2 \in \delta(q_0, s) = \delta(q_0, s(1) \cdots s(i) \cdots s(|s|-1)\sigma_5)$, $x_6 \in \alpha(x_0, s') = \alpha(x_0, s'(1) \cdots s'(i) \cdots s'(|s'|-1)\sigma_6)$ and $P(s) = P(s')$. If $P(\sigma_5) = \epsilon$, then $P(s(1) \cdots s(i) \cdots s(|s|-1)) = P(s')$ with $|s(1) \cdots s(i) \cdots s(|s|-1)| = n_1$ and $|s'| = n_2$. Thus, there exists $q_3 \in \delta(q_0, s(1) \cdots s(i) \cdots s(|s|-1))$ with $q_2 \in \delta(q_3, \sigma_5)$ s.t. $(q_3, x_6) \in \gamma_{so}((q_0, x_0), (s(1) \cdots s(i) \cdots s(|s|-1), s'))$. Therefore, $(q_2, x_6) \in \gamma_{so}((q_3, x_6), (\sigma_5, \epsilon))$. Then, $(q_2, x_6) \in \gamma_{so}((q_0, x_0), (s, s'))$. If $P(\sigma_5) = \sigma_5 \neq \epsilon$, we have $P(s(1) \cdots s(i) \cdots s(|s|-1)\sigma_5) = P(s(1) \cdots s(i) \cdots s(|s|-1))\sigma_5 = P(s'(1) \cdots s'(i) \cdots s'(|s'|-1)\sigma_6)$. Then, we have two cases. Case 1: If $P(\sigma_6) = P(\sigma_5)$, we obtain $P(s'(1) \cdots s'(i) \cdots s'(|s'|-1)) = P(s(1) \cdots s(i) \cdots s(|s|-1))$. There is $x_7 \in \alpha(x_0, s'(1) \cdots s'(i-1))$ with $x_6 \in \alpha(x_7, \sigma_6)$ and $q_3' \in \delta(q_0, s(1) \cdots s(i) \cdots s(|s|-1))$ with $q_2 \in \delta(q_3', \sigma_5)$ s.t. $(q_3', x_7) \in \gamma_{so}((q_0, x_0), (s(1) \cdots s(i) \cdots s(|s|-1), s'(1) \cdots s'(i-1)))$ because the sufficiency of the proposition holds when $|s(1) \cdots s(|s|-1)| = n_1$ and $|s'(1) \cdots s'(|s'|-1)| = n_2 - 1$. Then, $(q_2, x_6) \in \gamma_{so}((q_3', x_7), (\sigma_5, \sigma_6))$. Therefore, $(q_2, x_6) \in \gamma_{so}((q_0, x_0), (s, s'))$ by the definition of the simulation-based observable product. Case 2: If $P(\sigma_6) = \epsilon$. There exists $i$ with $1 \le i \le |s'| - 1$ s.t. $P(s'(i)) = \sigma_5$ with $P(s(1)s(2) \cdots s(|s|-1)) = P(s'(1)s'(2) \cdots s'(i-1))$. Moreover, $P(s'(i+1) \cdots s'(|s'|-1)\sigma_6) = \epsilon$ if $1 \le i < |s'| - 1$ and $P(\sigma_6) = \epsilon$ if $i = |s'| - 1$. Thus, there is $x_8 \in \alpha(x_0, s'(1) \cdots s'(i-1))$ with $x_9 \in \alpha(x_8, \sigma_5)$ s.t. $(q_3, x_8) \in \gamma_{so}((q_0, x_0), (s(1)s(2) \cdots s(|s|-1), s'(1) \cdots s'(i-1)))$ as $|s(1)s(2) \cdots s(|s|-1)| = n_1$ and $1 < |s'(1) \cdots s'(i-1)| < n_2$ satisfying the assumption 3. Then, $(q_2, x_6) \in \gamma_{so}((q_0, x_0), (s, s'))$ because of the definition of the simulation-based observable product. ■
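Proposition 5 can be checked on a small instance. The following Python sketch is an added example, not code from the paper: the event set, the observable events and the two sample automata are constructed for illustration. It computes the state pairs reachable under the single-step cases of Definition 16 and compares them with the pairs obtained by enumerating all strings $s$, $s'$ up to a bounded length with $P(s) = P(s')$.

```python
from itertools import product

SIGMA = ("a", "b", "u")   # constructed event set
OBS = {"a", "b"}          # observable events; 'u' is unobservable

def P(string):
    """Natural projection: erase unobservable events."""
    return tuple(e for e in string if e in OBS)

def step(trans, states, event):
    """Set of successors of a set of states under one event."""
    return {t for s in states for t in trans.get((s, event), ())}

def run(trans, init, string):
    """Extended transition function: states reached from init by string."""
    cur = {init}
    for e in string:
        cur = step(trans, cur, e)
    return cur

def product_moves(q, x, d, a):
    """One-step successors of (q, x) under the cases of Definition 16."""
    out = set()
    for e in (e for e in SIGMA if e not in OBS):
        out |= {(q, x2) for x2 in step(a, {x}, e)}   # (eps, e): plant moves
        out |= {(q2, x) for q2 in step(d, {q}, e)}   # (e, eps): spec moves
    for e1, e2 in product(SIGMA, SIGMA):             # joint move, equal projection
        if P((e1,)) == P((e2,)):
            out |= set(product(step(d, {q}, e1), step(a, {x}, e2)))
    return out

def reachable_pairs(R, G):
    """State set of the accessible part of the observable product."""
    start = (R["init"], G["init"])
    seen, todo = {start}, [start]
    while todo:
        q, x = todo.pop()
        for nxt in product_moves(q, x, R["trans"], G["trans"]) - seen:
            seen.add(nxt)
            todo.append(nxt)
    return seen

def pairs_by_projection(R, G, max_len):
    """Pairs (q, x) with q reached by s, x reached by s2 and P(s) == P(s2)."""
    strings = [s for n in range(max_len + 1) for s in product(SIGMA, repeat=n)]
    out = set()
    for s in strings:
        qs = run(R["trans"], R["init"], s)
        if not qs:
            continue
        for s2 in strings:
            if P(s) == P(s2):
                out |= set(product(qs, run(G["trans"], G["init"], s2)))
    return out

# Constructed sample: the plant may take a silent 'u' step before 'a'.
G_SAMPLE = {"init": "x0",
            "trans": {("x0", "u"): {"x1"}, ("x0", "a"): {"x2"},
                      ("x1", "a"): {"x2"}, ("x2", "b"): {"x0"}}}
R_SAMPLE = {"init": "q0",
            "trans": {("q0", "a"): {"q1"}, ("q1", "b"): {"q0"}}}

if __name__ == "__main__":
    print(sorted(reachable_pairs(R_SAMPLE, G_SAMPLE)))
```

The pair `("q0", "x1")` appears because the empty string of the specification and the string `u` of the plant have the same projection, which is exactly the ambiguity a supervisor under partial observation has to tolerate.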

Based on the simulation-based observable product, the following concepts are introduced. 

Definition 17: Given a simulation-based observable product R x so G = (X S0 ,S, q x xo,y so ,X som ) 
and s\ e L(R), the equivalent projection string set of s\ with respect to the plant G is defined as 
S Sl = {s 2 e E* | 3 (q,x) e X so s.t. (q,x) e y so ((q ,x ), (s u s 2 ))}. 

It can be seen that all the strings of plant $G$ that have the same projection as the string $s_1$ of specification are included in $S_{s_1}$. In order to guarantee the existence of the supremal simulation-based strong observable subautomata, we propose the following concept.

Definition 18: Given a plant $G$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$, $R$ is said to be calculable for the supremal simulation-based strong observable subautomaton with respect to $G$ if it satisfies:

$$(\forall q \in Q_M)(\forall s \in S_q)(\forall s' \in S_s)(\forall \sigma \in \Sigma_c)[s'\sigma \in L(G) \Rightarrow \delta(q,\sigma) \neq \emptyset]$$

where $Q_M = \{q \in Q \mid |S_q| > 2\}$.

The specification $R$ is said to be calculable for simulation-based controllable and strong observable subautomaton with respect to $G$ if it is calculable for both supremal simulation-based controllable subautomaton and supremal simulation-based strong observable subautomaton.

Because the simulation-based observability is not closed under state union, the supremal simulation-based observable subautomaton does not exist. Here, we introduce the simulation-based strong observability which implies simulation-based observability and it is also closed under state union under certain conditions.

Definition 19: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$, a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$ and their simulation-based observable product $R \times_{so} G = (X_{so}, \Sigma, q_0 \times x_0, \gamma_{so}, X_{som})$, $R$ is said to be simulation-based strong observable with respect to $G$, $\Sigma_c$ and $P$ if it satisfies:

(1) (Simulation Condition) There is a simulation relation $\phi$ such that $R \prec_{\phi} G$.

(2) (Strong Observable Condition) $[(s = \epsilon)(\forall s' \in S_{\epsilon}) \Rightarrow s' \in L(R)]$ and $(\forall s_1 \in L(R)\setminus\{\epsilon\})(\forall s_2 \in S_{s_1})(\forall q \in \delta(q_0, s_2))(\forall \sigma \in \Sigma_c)[s_1\sigma, s_2\sigma \in L(G) \Rightarrow \delta(q,\sigma) \neq \emptyset]$.

The set $Q_1 \times X_1 \subseteq Q \times X$ is said to be a simulation-based strong observable set if $Q_1 \times X_1$ is a simulation relation from $R$ to $G$ and $Rc(Q_1 \times X_1)$ satisfies the strong observable condition. Furthermore, the set $Q_1 \times X_1$ is a simulation-based controllable and strong observable set if it is a simulation-based controllable set and also a simulation-based strong observable set.

The relationship between simulation-based strong observability and simulation-based observability is as follows.

Proposition 6: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$, $R$ is simulation-based observable with respect to $G$, $\Sigma_c$ and $P$ if $R$ is simulation-based strong observable with respect to $G$, $\Sigma_c$ and $P$.

Proof: Because $R$ is simulation-based strong observable with respect to $G$, $\Sigma_c$ and $P$, we have that $R$ is simulated by $G$. Assume that $R$ satisfies the strong observable condition but not the observable condition, then there exists $s, s' \in L(R)$ with $P(s) = P(s')$ s.t. there is $q \in \delta(q_0, s)$ with $\delta(q,\sigma) = \emptyset$ if $s\sigma \in L(G)$ and $s'\sigma \in L(R)$, where $\sigma \in \Sigma_c$. Let $s = \epsilon$, we have the following cases. (1) $s' = \epsilon$. Since $\epsilon\sigma \in L(R)$, $\delta(q,\sigma) \neq \emptyset$. (2) $s' \neq \epsilon$ with $P(s') = \epsilon$. We have $s' \in L(R)$ and $\epsilon \in S_{s'}$. Moreover, $\epsilon\sigma \in L(G)$ and $s'\sigma \in L(G)$ because $R \prec G$ implies $L(R) \subseteq L(G)$. Thus, $\delta(q,\sigma) \neq \emptyset$ according to the strong observable condition. Let $s \in L(R)\setminus\{\epsilon\}$, we have $s \in S_{s'}$. In addition, $s\sigma \in L(G)$. Thus, $\delta(q,\sigma) \neq \emptyset$ because $R$ satisfies the strong observable condition. Therefore, all the cases contradict the assumption. As a result, $R$ satisfies the observable condition. Hence, $R$ is simulation-based observable with respect to $G$, $\Sigma_c$ and $P$. ■

Based on the simulation-based strong observability, we propose the following notion.

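Definition 20: Let $G = (X, \Sigma, x_0, \alpha, X_m)$ be a plant, $R = (Q, \Sigma, q_0, \delta, Q_m)$ be a specification, $R \times_{so} G = (X_{so}, \Sigma, q_0 \times x_0, \gamma_{so}, X_{som})$ be their simulation-based observable product and $Rc(Z) = (Q_{rcz}, \Sigma, q_0, \delta_{rcz}, Q_{rczm})$ be a subautomaton for $Z \subseteq Q \times X$. For any $s_1 \in L(Rc(Z))$, $s_2 \in S_{s_1}$ and $\sigma \in \Sigma_c$, the state failure set of $s_1$ for the strong observability, denoted by $Q'_{ds_1}(Z)$, is defined as:

$$Q'_{ds_1}(Z) = \begin{cases} \{q \in Q \mid q \in \delta_{rcz}(q_0, s_1) \wedge (s_2 \notin L(Rc(Z)))\} & s_1 = \epsilon; \\ \{q \in Q \mid q \in \delta_{rcz}(q_0, s_2) \wedge (\delta_{rcz}(q, \sigma) = \emptyset) \wedge (s_1\sigma, s_2\sigma \in L(G))\} & s_1 \neq \epsilon. \end{cases}$$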

Then, we construct the strong observable operator based on the complete lattice $(2^{Q \times X}, \subseteq)$.

Definition 21: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$, a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$ and a subautomaton $Rc(Z) = (Q_{rcz}, \Sigma, q_0, \delta_{rcz}, Q_{rczm})$ for $Z \subseteq Q \times X$, the strong observable operator $F_{so}: 2^{Q \times X} \to 2^{Q \times X}$ is defined by $(q,x) \in F_{so}(Z)$ if it satisfies:

$$(q,x) \notin Q'_d(Z) \times X, \quad Q'_d(Z) = \bigcup_{s_1 \in L(Rc(Z))} Q'_{ds_1}(Z).$$

The strong observable operator satisfies the following propositions.

Proposition 7: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$, a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$ and a set $Z \subseteq Q \times X$, $Rc(Z)$ satisfies the strong observable condition if $Z \subseteq F_{so}(Z)$ and there exists $x \in X$ such that $(q_0, x) \in Z$.

Proof: Let $Rc(Z) = (Q_{rcz}, \Sigma, q_0, \delta_{rcz}, Q_{rczm})$ be a subautomaton for $Z$. Assume that $Rc(Z)$ violates the strong observable condition when $Z \subseteq F_{so}(Z)$ and $(q_0,x) \in Z$, where $x \in X$, then there exists $s_1 \in L(Rc(Z))\setminus\{\epsilon\}$, $s_2 \in S_{s_1}$, $\sigma \in \Sigma_c$ with $s_1\sigma, s_2\sigma \in L(G)$ such that $(q,x) \in Z$ with $q \in \delta_{rcz}(q_0, s_2)$ and $\delta_{rcz}(q, \sigma) = \emptyset$. Thus, $q \in Q'_{ds_1}(Z)$. Then, $(q,x) \in Q'_d(Z) \times X$. Since $Z \subseteq F_{so}(Z)$, we have $(q,x) \in F_{so}(Z)$. By the definition of the strong observable operator $F_{so}(Z)$, $(q,x) \notin Q'_d(Z) \times X$, which introduces a contradiction. Then, $Rc(Z)$ satisfies the strong observable condition. ■
Proposition 8: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$, a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$ and the sets $Z, Z' \subseteq Q \times X$, $F_{so}(Z) \subseteq F_{so}(Z')$ if $Z \subseteq Z'$ and $R$ is calculable for the supremal simulation-based strong observable subautomaton with respect to $G$.

Proof: Let $Rc(Z) = (Q_{rcz}, \Sigma, q_0, \delta_{rcz}, Q_{rczm})$ be a subautomaton for $Z$ and $Rc(Z') = (Q_{rcz'}, \Sigma, q_0, \delta_{rcz'}, Q_{rcz'm})$ be a subautomaton for $Z'$. For any $(q,x) \in Z$ and $(q,x) \in F_{so}(Z)$, we have $(q,x) \notin Q'_d(Z) \times X$. If $q = q_0$, then $s' \in L(Rc(Z))$ for any $s' \in S_{\epsilon}$. Thus, we obtain $s' \in L(Rc(Z'))$ because of $L(Rc(Z)) \subseteq L(Rc(Z'))$. Hence, $q \notin Q'_{d\epsilon}(Z)$. Since $(q,x) \in F_{so}(Z)$, we also have $q \in \delta_{rcz}(q_0, s_2)$ with $\delta_{rcz}(q,\sigma) \neq \emptyset$ for any $s_1 \in L(Rc(Z))\setminus\{\epsilon\}$ such that $s_1\sigma \in L(G)$ and any $s_2 \in L(Rc(Z))$ such that $s_2\sigma \in L(G)$ and $s_2 \in S_{s_1}$. Moreover, $(q,x) \in Z'$ as $Z \subseteq Z'$. Assume that there exists $s_3 \in L(Rc(Z'))\setminus\{\epsilon\}$, $s_4 \in S_{s_3}$ and $\sigma \in \Sigma_c$ with $s_3\sigma \in L(G)$ and $s_4\sigma \in L(G)$ such that $q \in \delta_{rcz'}(q_0, s_4)$ and $\delta_{rcz'}(q,\sigma) = \emptyset$. If $s_3 \in L(Rc(Z))$, we have the following cases: (1) $s_4 \in L(Rc(Z))$. Obviously, $\delta_{rcz'}(q,\sigma) \neq \emptyset$. (2) $s_4 \notin L(Rc(Z))$, then $\delta_{rcz'}(q,\sigma) \neq \emptyset$ since $R$ is calculable for supremal simulation-based strong observable subautomaton with respect to $G$. On the other side, there are two cases if $s_3 \notin L(Rc(Z))$. (1) $s_4 \in L(Rc(Z))$. Because $s_4 \in P^{-1}[P(s_4)]$ and $s_4\sigma \in L(G)$, we obtain $\delta_{rcz}(q,\sigma) \neq \emptyset$. Then, $\delta_{rcz'}(q,\sigma) \neq \emptyset$. (2) $s_4 \notin L(Rc(Z))$. Because $R$ is calculable for the supremal simulation-based strong observable subautomaton with respect to $G$, we have $\delta_{rcz'}(q,\sigma) \neq \emptyset$. Thus, we get $\delta_{rcz'}(q,\sigma) \neq \emptyset$ from all above cases, which contradicts the assumption that $\delta_{rcz'}(q,\sigma) = \emptyset$. Therefore, $q \notin Q'_{ds_3}(Z')$. Hence, $(q,x) \notin Q'_d(Z') \times X$. Similarly, we can prove that $(q,x) \in F_{so}(Z')$ when $q \neq q_0$. As a result, $F_{so}(Z) \subseteq F_{so}(Z')$. ■
From the definition of $F_{so}(Z)$, we have $F_{so}(Z) \subseteq Z$. Then, the supremal state set $Z$ satisfying $Z \subseteq F_{so}(Z)$ is a fixed point of $F_{so}$ from lattice theory. As $F_{so}$ is monotone by Proposition 8, the maximal fixed point of $F_{so}$ can be obtained by iterating $F_{so}$, and it will be discussed in the next subsection.

B. Supremal Simulation-based Strong Observable Subautomata 

A sufficient condition is proposed to guarantee the existence of the supremal simulation-based strong observable set. Further, an algorithm is presented to compute such a subautomaton.

Proposition 9: Let $G = (X, \Sigma, x_0, \alpha, X_m)$ be a plant, $R = (Q, \Sigma, q_0, \delta, Q_m)$ be a specification, $Y = \{Q_1 \times X_1 \subseteq Q \times X \mid (F(Q_1 \times X_1) \subseteq F_s(Q_1 \times X_1)) \wedge (F(Q_1 \times X_1) \subseteq F_{so}(Q_1 \times X_1))\}$ and $Y_2 = \{Q_1 \times X_1 \in 2^{Q \times X} \mid h_2(Q_1 \times X_1) = Q_1 \times X_1\}$ be a set of fixed points of $h_2$. For any $Q_1 \times X_1 \in 2^{Q \times X}$ and identity function $F(Q_1 \times X_1) = Q_1 \times X_1$, the function $h_2: 2^{Q \times X} \to 2^{Q \times X}$ is defined as:

$$h_2(Q_1 \times X_1) = \sup\{Q_2 \times X_2 \in 2^{Q \times X} : F(Q_2 \times X_2) \subseteq F_s(Q_1 \times X_1)\} \cap \sup\{Q_3 \times X_3 \in 2^{Q \times X} : F(Q_3 \times X_3) \subseteq F_{so}(Q_1 \times X_1)\}$$

Then, any $Q_1 \times X_1 \in Y$ is a simulation-based strong observable set and $\sup Y = \sup Y_2$ if $(q_0, x_0) \in Q_1 \times X_1$ and $R$ is calculable for the supremal simulation-based strong observable subautomaton with respect to $G$.

Proof: As $(q_0, x_0) \in Q_1 \times X_1$ and $Q_1 \times X_1 \subseteq F_s(Q_1 \times X_1)$, we obtain that $Q_1 \times X_1$ is a simulation relation from $R$ to $G$ by Proposition 1. Moreover, $Rc(Q_1 \times X_1)$ satisfies the strong observable condition by Proposition 7 because $(Q_1 \times X_1) \subseteq F_{so}(Q_1 \times X_1)$. Hence, $Q_1 \times X_1$ is a simulation-based strong observable set. From lattice theory, $(2^{Q \times X}, \subseteq)$ is a complete lattice over which we define the simulation operator $F_s$ and the strong observable operator $F_{so}$, which are monotone by Proposition 2 and Proposition 8. The identity functions $F(Q_2 \times X_2) = Q_2 \times X_2$ and $F(Q_3 \times X_3) = Q_3 \times X_3$ are disjunctive. Hence, $\sup Y = \sup Y_2$ by Lemma 1. ■

Algorithm 1: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$, the algorithm for computing the supremal simulation-based strong observable subautomaton with respect to $G$, $\Sigma_c$, and $P$ is as follows:

Step 1. Check whether $R$ is calculable for the supremal simulation-based strong observable subautomaton with respect to $G$. If not, the supremal simulation-based strong observable subautomaton does not exist; otherwise, go to Step 2.

Step 2. Let $y_0 = Q \times X$, $\forall l \ge 0$, $y_{l+1} = h_2(y_l)$ until $y_{l+1} = y_l$.

Step 3. If $(q_0, x_0) \notin y_l$, the supremal simulation-based strong observable subautomaton does not exist; otherwise, if $(q_0, x_0) \in y_l$, $Rc(y_l)$ is the supremal simulation-based strong observable subautomaton with respect to $G$, $\Sigma_c$, and $P$.
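
An added Python example (not the authors' code) of Steps 2 and 3 of Algorithm 1: because $F$ is the identity, $h_2(Z)$ reduces to $F_s(Z) \cap F_{so}(Z)$, which is iterated downward from $Q \times X$ on a constructed plant and specification. Assumptions: Step 1 has already passed, observation is full ($P$ is the identity, so $S_{s_1} = \{s_1\}$), $Rc(Z)$ keeps the states of $R$ that occur in $Z$, and $F_s$ is the usual one-step simulation refinement; all function and variable names are hypothetical.

```python
from collections import deque

def step(trans, states, ev):
    """All ev-successors of a set of states; trans maps (state, event) -> set."""
    return frozenset(t for s in states for t in trans.get((s, ev), ()))

def restrict(delta, Z):
    """Assumed Rc(Z): keep the R-states occurring in Z and the moves between them."""
    keep = {q for q, _ in Z}
    return {(q, ev): tgt & keep for (q, ev), tgt in delta.items()
            if q in keep and tgt & keep}

def F_s(Z, delta, alpha, events):
    """Assumed simulation operator: each move of Rc(Z) from q is matched from x within Z."""
    dz = restrict(delta, Z)
    return {(q, x) for (q, x) in Z
            if all(any((q2, x2) in Z for x2 in alpha.get((x, ev), ()))
                   for ev in events for q2 in dz.get((q, ev), ()))}

def failure_states(Z, delta, alpha, q0, x0, controllable, events):
    """Q'_d(Z), full observation: states disabling a controllable event that G enables."""
    dz = restrict(delta, Z)
    start = (frozenset([q0]), frozenset([x0]))
    seen, todo, bad = {start}, deque([start]), set()
    while todo:
        A, B = todo.popleft()          # R-states and G-states reached by the same s
        for ev in events:
            A2, B2 = step(dz, A, ev), step(alpha, B, ev)
            if not A2 or not B2:       # s.ev is outside L(Rc(Z)) or L(G)
                continue
            for c in controllable:
                if step(alpha, B2, c): # s.ev.c is in L(G)
                    bad |= {q for q in A2 if not dz.get((q, c))}
            if (A2, B2) not in seen:
                seen.add((A2, B2))
                todo.append((A2, B2))
    return bad

def F_so(Z, *model):
    """Shape of Definition 21: drop every pair whose R-state is a failure state."""
    bad = failure_states(Z, *model)
    return {(q, x) for (q, x) in Z if q not in bad}

def greatest_fixed_point(Q, X, delta, alpha, q0, x0, controllable, events):
    """Steps 2-3 of Algorithm 1: iterate y <- F_s(y) & F_so(y) from Q x X."""
    y, rounds = {(q, x) for q in Q for x in X}, 0
    while True:
        nxt = F_s(y, delta, alpha, events) & F_so(y, delta, alpha, q0, x0, controllable, events)
        if nxt == y:
            return (y if (q0, x0) in y else None), rounds
        y, rounds = nxt, rounds + 1

# Constructed sample, not the paper's manufacturing example; all events controllable.
EVENTS = ["a", "b", "c", "d"]
Q = ["q0", "q1", "q2", "q3", "q4", "q5"]
X = ["x0", "x1", "x2", "x3"]
DELTA = {("q0", "a"): {"q1", "q2"}, ("q1", "b"): {"q3"}, ("q2", "b"): {"q4"},
         ("q3", "c"): {"q5"}, ("q3", "d"): {"q5"}, ("q4", "c"): {"q5"}}
ALPHA = {("x0", "a"): {"x1"}, ("x1", "b"): {"x2"},
         ("x2", "c"): {"x3"}, ("x2", "d"): {"x3"}}

if __name__ == "__main__":
    result, rounds = greatest_fixed_point(Q, X, DELTA, ALPHA, "q0", "x0", EVENTS, EVENTS)
    print(rounds, sorted(result))
```

On this sample the iteration changes the set twice: removing q4 in the first round leaves q2 with no b-move, so q2 becomes a failure state and is removed in the second round.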

Remark 2: Since $G$ and $R$ are nondeterministic, their numbers of transitions are $O(|X|^2 \times |\Sigma|)$ and $O(|Q|^2 \times |\Sigma|)$ respectively. So the complexity of the simulation-based observable product is $O(|Q|^2 \times |X|^2 \times (|\Sigma| + 1)^2)$. Then, the complexity of checking the calculability of specification $R$ for the supremal simulation-based strong observable subautomaton with respect to $G$ is $O(|X|^2 \times |\Sigma| + |Q|^2 \times |X|^2 \times (|\Sigma| + 1)^2)$. Further, the complexity of the simulation operator is $O(|Q|^2 \times |X|^2 \times |\Sigma|)$ and the number of iterations is at most $|X| \times |Q|$, so the complexity of Algorithm 1 is $O(|Q|^3 \times |X|^3 \times (|\Sigma| + 1)^2)$.

Theorem 3: Algorithm 1 is correct. 

Proof: We have $y_l = \sup Y$ by Lemma 2 and Proposition 9. Further, $y_l$ is a simulation-based strong observable set if $(q_0, x_0) \in y_l$ and $R$ is calculable for the supremal simulation-based strong observable subautomaton w.r.t. $G$ by Proposition 9. Therefore, $y_l$ is the supremal simulation-based strong observable set. Based on it, we build the subautomaton $Rc(y_l)$. Therefore, $Rc(y_l)$ is the supremal simulation-based strong observable subautomaton w.r.t. $G$, $\Sigma_c$, and $P$. ■

C. Supremal Simulation-based Controllable and Strong Observable Subautomata 

Further, we propose a sufficient condition to guarantee the existence of the supremal simulation-based controllable and strong observable set and an algorithm to calculate such subautomaton.

Proposition 10: Let $G = (X, \Sigma, x_0, \alpha, X_m)$ be a plant, $R = (Q, \Sigma, q_0, \delta, Q_m)$ be a specification, $Y = \{Q_1 \times X_1 \subseteq Q \times X \mid (F(Q_1 \times X_1) \subseteq F_s(Q_1 \times X_1)) \wedge (F(Q_1 \times X_1) \subseteq F_c(Q_1 \times X_1)) \wedge (F(Q_1 \times X_1) \subseteq F_{so}(Q_1 \times X_1))\}$ and $Y_3 = \{Q_1 \times X_1 \in 2^{Q \times X} \mid h_3(Q_1 \times X_1) = Q_1 \times X_1\}$ be a set of fixed points of $h_3$. For any $Q_1 \times X_1 \in 2^{Q \times X}$ and identity function $F(Q_1 \times X_1) = Q_1 \times X_1$, the function $h_3: 2^{Q \times X} \to 2^{Q \times X}$ is defined as:

$$h_3(Q_1 \times X_1) = \sup\{Q_2 \times X_2 \in 2^{Q \times X} : F(Q_2 \times X_2) \subseteq F_s(Q_1 \times X_1)\} \cap \sup\{Q_3 \times X_3 \in 2^{Q \times X} : F(Q_3 \times X_3) \subseteq F_c(Q_1 \times X_1)\} \cap \sup\{Q_4 \times X_4 \in 2^{Q \times X} : F(Q_4 \times X_4) \subseteq F_{so}(Q_1 \times X_1)\}$$

Then, any $Q_1 \times X_1 \in Y$ is a simulation-based controllable and strong observable set and $\sup Y = \sup Y_3$ if $(q_0, x_0) \in Q_1 \times X_1$ and $R$ is calculable for supremal simulation-based controllable and strong observable subautomaton with respect to $G$.

Algorithm 2: Given a plant $G = (X, \Sigma, x_0, \alpha, X_m)$ and a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$, the algorithm for computing the supremal simulation-based controllable and strong observable subautomaton is as follows:

Step 1. Check whether $R$ is calculable for the supremal simulation-based controllable and strong observable subautomaton with respect to $G$. If not, the supremal simulation-based controllable and strong observable subautomaton does not exist, otherwise, go to step 2.

Step 2. Let $y_0 = Q \times X$, $\forall n \ge 0$, $y_{n+1} = h_3(y_n)$ until $y_{n+1} = y_n$.

Step 3. If $(q_0, x_0) \notin y_n$, the supremal simulation-based controllable and strong observable subautomaton does not exist, otherwise, $Rc(y_n)$ is the supremal simulation-based controllable and strong observable subautomaton if $(q_0, x_0) \in y_n$.

Remark 3: The complexity of checking calculability of specification $R$ for the supremal simulation-based controllable subautomaton is $O(|X|^2 \times |\Sigma| + |Q|^2 \times |\Sigma|)$. Further, the complexity of Algorithm 1 and the simulation-based controllable product are $O(|Q|^3 \times |X|^3 \times (|\Sigma| + 1)^2)$ and $O(|Q|^2 \times |X|^2 \times |\Sigma|)$ respectively, so the complexity of Algorithm 2 is $O(|Q|^3 \times |X|^3 \times (|\Sigma| + 1)^2)$.
Theorem 4: Algorithm 2 is correct. 

The proofs of Proposition 10 and Theorem 4 are similar to those of Proposition 9 and Theorem 3.



Remark 4: Since simulation-based strong observability implies simulation-based observability, the supremal simulation-based controllable and strong observable subautomaton is simulation-based controllable and observable. Further, its language is controllable and observable because simulation-based controllability and observability imply language controllability and observability [14].

Further, this supremal controllable and strong observable subautomaton satisfies the following 
property. 

Proposition 11: Given a specification $R = (Q, \Sigma, q_0, \delta, Q_m)$ and a plant $G = (X, \Sigma, x_0, \alpha, X_m)$ such that $R \prec_{\phi} G$, the subautomaton $R'' = (Q'', \Sigma, q_0, \delta, Q''_m)$ obtained by Algorithm 2 is a supremal element of automata set $S := \{S' \mid (S' \prec R) \wedge (S' \text{ is simulation-based controllable and strong observable})\}$ based on the prelattice $(S, \prec)$.

Proof: Let $R' = (Q', \Sigma, q'_0, \delta', Q'_m)$ be an automaton satisfying $R' \prec_{\phi_1} R$ and $R'$ is simulation-based controllable. We need to prove that there exists a simulation relation $\phi_2$ between $R'$ and $R''$ such that $R' \prec_{\phi_2} R''$ when $R \prec_{\phi} G$. Because $R' \prec_{\phi_1} R$, there is $q_1 \in \delta(q_0, s_1)$ such that $(q'_1, q_1) \in \phi_1$ for any $q'_1 \in \delta'(q'_0, s_1)$. Assume that $q_1 \in Q - Q''$, there are two cases according to Algorithm 2: (1) $(s_1\sigma \in L(G)) \wedge (\sigma \in \Sigma_{uc}) \wedge (\sigma \notin \Gamma(q_1))$. Then $\sigma \notin \Gamma'(q'_1)$ because $(q'_1, q_1) \in \phi_1$ with $\Gamma'(q'_1) \subseteq \Gamma(q_1)$. Thus, $R'$ is not simulation-based controllable w.r.t. $G$ and $\Sigma_c$, which introduces a contradiction. (2) For any $s'$ such that $q_1 \in \delta(q_0, s')$, we have any $q_2 \in \delta(q_0, s_2)$ such that $q_1 \in \delta(q_2, s_3)$ with $s' = s_2 s_3$ and $q_2$ violates the controllable condition. Then, we have $s_1 = s_2 s_3$ and $\sigma_1 \notin \Gamma(q_2)$, where $\sigma_1 \in \Sigma_{uc}$ and $s_2\sigma_1 \in L(G)$. Thus, there is $q'_2 \in \delta'(q'_0, s_2)$ such that $q'_1 \in \delta'(q'_2, s_3)$ and $(q'_2, q_2) \in \phi_1$. Then $\sigma_1 \notin \Gamma'(q'_2)$, which implies that $R'$ does not satisfy the controllable condition. Hence, we obtain a contradiction. Therefore, the assumption does not hold. That is, $q_1 \in Q''$. Thus, $R' \prec R''$. Similarly, we can prove that $R' \prec R''$ if $R' \prec_{\phi_1} R$ and $R'$ is simulation-based strong observable. As a result, $R''$ is a supremal element of $S$. ■

Remark 5: The assumption requiring that $R \prec_{\phi} G$ can be satisfied in most cases because the described specification should not be out of the range of the behavior of the plant. This is similar to the precondition $L(R) \subseteq L(G)$ in Ramadge-Wonham's framework.

V. EXAMPLE 




Fig. 1. Manufacturing System (Left) and Plant (Right) 

Consider a manufacturing system that consists of two workstations, three rooms and a robot as shown in Fig. 1 (Left). Initially, the robot is in workstation 1. By choosing rail 1 (event $a$), this robot nondeterministically goes to room 2 and room 3 and by choosing rail 2 (event $b$), it can go to room 1. If the robot is in room 2 and it hears the alarm (event $s$), it can go to workstation 2 (event $r_1$). Or it can take a video (event $d$) when it is in room 2 and after that it has two choices: to go to workstation 2 (event $r_1$) or to receive the message from the host computer (event $g$). After the message has been received, the robot can activate an energy-saving mode (event $h$) and then go to workstation 2 (event $r_1$). If the robot is in room 3, its behavior is similar to what it does in room 2 except that it can pick up a box from room 3 (event $c_1$) and then go to workstation 2 (event $r_1$). If it is in room 1, it also has two choices: to pick up a box from room 1 (event $c_2$) then go to workstation 2 (event $r_1$) or to take a video (event $d$) and after that go to workstation 2 (event $r_1$). In this model, we assume that the event $s$ describing that the robot hears the alarm is uncontrollable, the event $g$ describing that the robot receives a message from the host computer is uncontrollable and unobservable and all the remaining events are controllable and observable.

Fig. 2. Specification (Left) and Supremal Simulation-Based Controllable and Strong Observable Subautomata (Right)

The automaton model $G$ of the robot in the manufacturing system is shown in Fig. 1 (Right). The specification $R$ is in Fig. 2 (Left) to restrict the behavior of $G$, which requires that the robot can go to workstation 2 after hearing the alarm or go to workstation 2 after taking the video if it is in room 2. It can be seen that $L(G) = L(R)$. Thus, if we use language equivalence as a notion of behavioral equivalence, there is no need to control. However, as mentioned above, $G$ can exhibit some undesired behaviors, which motivates us to design a supervisor $S$ such that the controlled system $S/G$ is bisimilar to $R$. In [14], such a supervisor $S$ exists if and only if $R$ is simulation-based controllable and observable under partial observation. However, $R$ in this example is not simulation-based controllable and observable. In this paper, we want to calculate the supremal simulation-based controllable and strong observable subautomaton of $R$. By Algorithm 2, we obtain that $R$ is calculable for such kind of subautomaton. Next, we have $q_1, q_4 \in Q_d(Q \times X)$, $q_1 \in Q'_d(Q \times X)$ and $y_1 = h_3(Q \times X) = \{(q_0, x_0), (q_3, x_3), \{q_5, q_7, q_8, q_9, q_{11}\} \times \{x_4, x_5, x_6, x_7, x_8, x_9, x_{12}, x_{11}\}, (q_6, x_4), (q_6, x_6), (q_{10}, x_{10}), (q_{10}, x_{11}), (q_{12}, x_{14})\}$ in the first iteration. Further, $y_2 = h_3(y_1) = y_1$ and $(q_0, x_0) \in y_2$. Hence, the supremal simulation-based controllable and strong observable subautomaton is achieved as shown in Fig. 2 (Right).

VI. CONCLUSIONS 

By resorting to lattice theory, we proposed a computational approach to compute the supremal simulation-based controllable and strong observable subautomata, where both plant and specification are modeled as nondeterministic automata. The obtained solution provides a sufficient condition for the existence of the supremal simulation-based controllable and strong observable subautomata and an explicit algorithm to calculate such subautomata. Further, an example is given to illustrate the proposed techniques.